On Thu, Jul 17, 2008 at 03:00:23PM +0200, Steffen Joeris wrote: > Package: byacc > Severity: grave > Tags: security, patch > Justification: user security hole > > Hi > > Quoting an email[0] from Jan Lieskovsky about CVE-2008-3196. > > Description of problem: > ======================= > > Otto Moerbeck has reported the following potential out of bounds of the > allocated stack access in the yacc binary:
I saw the comment on another mailing list (it would have been nice if he'd given a test case that exercised more than the 2-line slice affected, since changing this has the potential for breaking other things...). -- Thomas E. Dickey http://invisible-island.net ftp://invisible-island.net
pgp4kiwXFA86x.pgp
Description: PGP signature
